No, probably not.
There were a number of failures on the part of the Office of Personnel Management that allowed hackers to steal the personal information of millions of current and former federal employees. But it is unlikely the agency would have been able to prevent the breach entirely.
Federal networks are protected by a number of tools, the most robust being Homeland Security's Einstein program, a government-wide firewall designed to detect and, in its latest iteration, block known security threats. However, as with most cybersecurity solutions of its type, Einstein cannot protect against zero-day attacks using methods not seen before.
"The Einstein program has gone through a number of different generations and certainly provides a lot of useful information," said Eddie Schwartz, chair of the cybersecurity task force at ISACA, a nonprofit membership association focused on IT risk management. That said, "it's not a panacea … It's another source of information that can be used by incident response teams."
Information is the biggest weapon in the cybersecurity war. To that end, in February, President Obama issued an executive order calling for the creation of Information Sharing and Analysis Organizations (ISAOs) to act as conduits between government and industry.
By sharing threat information, the public and private sectors would work together to expose attackers and their methods, improving everyone's security posture.
The House passed two bills in April that would establish ISAOs; however, the Senate has yet to fully take up the issue.
If the attack on OPM's servers was indeed perpetrated by hackers associated with the Chinese government — as stated in several media reports, citing unnamed government officials — it's possible a robust information sharing network might have helped detect the attack, if not prevent it.
"The malware that comes out of China … by and large is very, very simplistic," Joe Stewart, director of malware research at SecureWorks, Dell's information security lab, told Federal Times earlier this year. "China's approach seems to be throw a lot of basic level programmers at a problem."
The attack patterns observed in hacks attributed to the Chinese show an iterative approach – using variations on a piece of malware until something actually gets through.
"You can either get super stealthy with something or just have enough new stuff churning that it takes a long time for anti-virus companies to catch up," Stewart said. "That strategy of just coming up with a thousand new pieces of malware — that are all basic but are new — that works pretty well if you have enough programmers."
It's possible someone in industry might have seen the attack vector used against OPM and, with ISAOs set up, given that information to DHS, which could have incorporated it into the Einstein program.
Even if that had occurred – a relatively big "if" – the iteration of Einstein working on OPM's servers would only have been able to detect the threat, not block the hack. The third version of the program — Einstein 3 Accelerated (E3A) — would have been able to block known malicious traffic; however, it has not been deployed at OPM yet.
DHS officials have said E3A will be operational across federal civilian networks in 2016.
Even with those protections, persistent hackers likely would still have broken through.
"Whether it's an organization that focuses on attacks and hacking or it's a foreign adversary, the reality is these more professional-type organizations have the capabilities to go on an offensive spree — where they're throwing all types of stuff against the wall," said Ken Kartsen, vice president of federal for Intel Security.
"There's not one thing we can do to protect us against this one or the next one," Kartsen said. "There's a lot of things that we have to do and put them together and think constructively about the capabilities that government has, the capabilities that industry has, the information on both sides and how do we bridge that gap between us and how that partnership provides for better defenses."
These tools together can give government a good defensive base, but breaches are still inevitable.
"I wouldn't use the word 'prevent,'" Schwartz said. "Anyone who operates thinking that the ISAOs or the Einstein program is going to prevent bad things from happening is delusional. The reality is that these programs are designed to lower risk … No matter how good security is or what regulatory scheme [an agency] might be under, they're still subject to failure."
Prevention is only one part of cybersecurity, however. Stay tuned to FederalTimes.com for more on OPM's other security failure: encryption.
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.